Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin


1 Authentication Policy
David Kelsey, CCLRC/RAL
d.p.kelsey@rl.ac.uk
15 April 2004, Dublin

eInfrastructure Workshop, Dublin – David Kelsey – Authentication Policy – 15 Apr 2004

2 Outline
- Grid Authentication Background
- Current Status
- The EU Grid PMA
- Policy Guidelines
- TACAR
- Summary

3 Grid Authentication Background
- Many Grids use the Grid Security Infrastructure (GSI)
- For Authentication
- Based on X.509 Public Key Infrastructure (PKI)
- The EDG Certification Authorities Coordination Group (CACG) – started in December 2000
- Coordinated the CAs for use by (EU FP5)
- EU DataGrid (EDG)
- DataTAG
- CrossGrid
- & Many national Grid projects
- Global requirements driven by LCG (HEP)

4 EDG CACG (2001-03)
- User Single “Sign-on”
- Once per session (and delegation)
- Identity credentials accepted by many Grids
- Hierarchical root – not possible in GSI
- Most appropriate scale is one CA per nation
- Timely Revocation is important
- Establish common trust domain
- minimum requirements/best practice/peer review
- Certificates from trusted CA can be used anywhere
- Common repository of trust anchors
- Robust Registration Authority procedures are needed
- RAs need to be close to the user’s home institute

5 Current Status – 21 Approved CAs and number of certificates issued to date

CA            Certificates issued
Armenia       0
Taiwan        80
CERN          640
Czech Rep     365
France        1400
Cyprus        18
Spain         408
USA           2807
FNAL(US)      1
Canada        570
Ireland       170
Germany       364
Greece        49
Italy         1956
Portugal      61
Netherlands   321
Nordic        579
Poland        266
Russia        230
Slovakia      26
UK            1856
Total         12167

6 EU Grid PMA coverage
- Most countries in Europe have a national CA
- “Catch-all” for EGEE (France) and SEE-GRID for S.East
- Green: CA Accredited
- Yellow: being discussed

Other Accredited CAs:
- DoEGrids (USA)
- GridCanada
- ASCCG (Taiwan)
- ArmeSFO (Armenia)
- CERN
- Russia (LCG)
- FNAL Service CA (USA)
- Israel
- Pakistan

7 The EU Grid PMA “Policy Management Authority”
- Continues from the EDG CACG
- www.eugridpma.org
- Defines Minimum requirements and Best practices
- Accredits Authorities
- General authentication – not just PKI
- Members
- Accredited Authorities
- Major relying parties (EGEE, DEISA, SEE-GRID, LCG,…)
- TERENA (TACAR)
- 1st meeting – April 2004 – Florence (INFN)
- Charter approved
- David Groep (NIKHEF) appointed as Chair

8 Authentication Policy Guidelines
- Wherever possible
- No more than one CA per country
- Aim for widest possible cover
- PMA does not provide identity assertions
- Certificates issued meet or exceed the guidelines
- Identity for Grid/eScience Authentication only
- No support of data encryption or non-repudiation
- No support for financial transactions
- No liability!

9 Policy Guidelines (2)
- A single authoritative source for verifying roots of trust is needed (see TACAR)
- We must work in the global arena (GGF & gridpma.org)
- GSI imposes technical constraints which must be met
- The PMA is mainly technical
- Development needs technical experts

10 TACAR
- The TERENA Academic CA Repository
- Created by task force TF-AACE
- Aimed at facilitating the use of PKI in Europe
- Repository of “trust anchors”
- Like root certificates distributed with web browsers
- NREN CAs and not-for-profit projects (e.g. Grid)
- Published policy and procedures for registration
- No evaluation of CA policies or procedures
- An important service for Grid Authentication
- Authoritative source of roots of trust

11 Summary
- The CACG built a strong base for Grid Authentication
- The EU Grid PMA is now instrumental for FP6 Grid projects in the global arena via a single Trust Domain
- EGEE, DEISA and SEE-GRID are all relying party members of the PMA and will use this PKI
- And other global and national Grids, e.g. LCG
- A single common repository for authentication will promote the trust anchor (TACAR)

